2 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include <openssl/stack.h>
12 #include "internal/cryptlib.h"
13 #include <openssl/buffer.h>
14 #include <openssl/asn1.h>
15 #include <openssl/evp.h>
16 #include <openssl/x509.h>
17 #include "internal/x509_int.h"
18 #include <openssl/ocsp.h>
19 #include <openssl/rsa.h>
20 #include <openssl/dsa.h>
21 #include <openssl/x509v3.h>
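/*
 * Verify the signature on certificate |a| using public key |r|.
 *
 * A certificate carries its signature algorithm twice: in the outer,
 * unsigned wrapper (a->sig_alg) and inside the signed body
 * (a->cert_info.signature).  The two must agree.  If they differ the
 * certificate is rejected here, before any signature computation, so the
 * unsigned outer field cannot select a different algorithm from the one the
 * issuer signed over.
 *
 * Returns 0 when the two algorithm identifiers differ; otherwise returns the
 * result of ASN1_item_verify().  That function can report an error as a
 * negative value, so callers should test the result for == 1 rather than for
 * non-zero.
 *
 * Only the signature is checked.  Nothing in this function looks at validity
 * dates, the issuer chain, extensions or revocation status.
 */
int X509_verify(X509 *a, EVP_PKEY *r)
{
    /* X509_ALGOR_cmp() is non-zero when the identifiers differ. */
    if (X509_ALGOR_cmp(&a->sig_alg, &a->cert_info.signature) != 0)
        return 0;

    return ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), &a->sig_alg,
                            &a->signature, &a->cert_info, r);
}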
/*
 * Verify the signature on certificate request |a| using public key |r|.
 *
 * The signed data is a->req_info and the algorithm is taken from a->sig_alg.
 * Returns the result of ASN1_item_verify(); test it for == 1, since errors
 * can be reported as a negative value.
 */
int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
{
    return ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO),
                            &a->sig_alg, a->signature, &a->req_info, r);
}
/*
 * Verify the signature on the Netscape SPKI structure |a| using public key
 * |r|.
 *
 * The signed data is a->spkac and the algorithm is taken from a->sig_algor.
 * Returns the result of ASN1_item_verify(); test it for == 1, since errors
 * can be reported as a negative value.
 */
int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
{
    return ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
                            &a->sig_algor, a->signature, a->spkac, r);
}
/*
 * Sign certificate |x| with private key |pkey| using digest |md|.
 *
 * The "modified" flag on the cached encoding of the to-be-signed body is set
 * first, so that the signature is computed over a fresh encoding of the
 * current fields and not over bytes cached before the caller edited them.
 *
 * Both x->cert_info.signature and x->sig_alg are handed to ASN1_item_sign()
 * as algorithm outputs, and x->signature receives the signature value.
 * Returns the result of ASN1_item_sign().
 */
int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
{
    x->cert_info.enc.modified = 1;
    return ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF),
                          &x->cert_info.signature, &x->sig_alg,
                          &x->signature, &x->cert_info, pkey, md);
}
/*
 * Sign certificate |x| using the already-initialised digest context |ctx|.
 *
 * As in X509_sign(), the cached encoding of the to-be-signed body is marked
 * modified before signing so that stale bytes are not signed.  Returns the
 * result of ASN1_item_sign_ctx().
 */
int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
{
    x->cert_info.enc.modified = 1;
    return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
                              &x->cert_info.signature, &x->sig_alg,
                              &x->signature, &x->cert_info, ctx);
}
#ifndef OPENSSL_NO_OCSP
/*
 * Advance the non-blocking HTTP request in |rctx| and decode the response as
 * a certificate into |*pcert|.  Returns the result of
 * OCSP_REQ_CTX_nbio_d2i().
 *
 * The response is only decoded here.  The certificate that comes back has
 * not been verified in any way and must be validated by the caller before
 * it is trusted.
 */
int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert)
{
    return OCSP_REQ_CTX_nbio_d2i(rctx, (ASN1_VALUE **)pcert,
                                 ASN1_ITEM_rptr(X509));
}
#endif
/*
 * Sign certificate request |x| with private key |pkey| using digest |md|.
 *
 * Only one algorithm field (x->sig_alg) is filled in; the second algorithm
 * argument of ASN1_item_sign() is NULL.  Returns the result of
 * ASN1_item_sign().
 *
 * NOTE(review): unlike X509_sign() and X509_CRL_sign(), no cached encoding is
 * marked modified before signing.  Confirm that x->req_info cannot hold a
 * stale cached encoding when a request is edited and then re-signed.
 */
int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
{
    return ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO), &x->sig_alg, NULL,
                          x->signature, &x->req_info, pkey, md);
}
/*
 * Sign certificate request |x| using the already-initialised digest context
 * |ctx|.  Returns the result of ASN1_item_sign_ctx().
 */
int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx)
{
    return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO),
                              &x->sig_alg, NULL, x->signature,
                              &x->req_info, ctx);
}
/*
 * Sign the CRL |x| with private key |pkey| using digest |md|.
 *
 * The cached encoding of the to-be-signed CRL body is marked modified first,
 * so the signature covers a fresh encoding of the current contents.  Both
 * x->crl.sig_alg and x->sig_alg are handed to ASN1_item_sign() as algorithm
 * outputs.  Returns the result of ASN1_item_sign().
 */
int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
{
    x->crl.enc.modified = 1;
    return ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO),
                          &x->crl.sig_alg, &x->sig_alg,
                          &x->signature, &x->crl, pkey, md);
}
/*
 * Sign the CRL |x| using the already-initialised digest context |ctx|.
 *
 * As in X509_CRL_sign(), the cached encoding of the CRL body is marked
 * modified before signing.  Returns the result of ASN1_item_sign_ctx().
 */
int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
{
    x->crl.enc.modified = 1;
    return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
                              &x->crl.sig_alg, &x->sig_alg, &x->signature,
                              &x->crl, ctx);
}
#ifndef OPENSSL_NO_OCSP
/*
 * Advance the non-blocking HTTP request in |rctx| and decode the response as
 * a CRL into |*pcrl|.  Returns the result of OCSP_REQ_CTX_nbio_d2i().
 *
 * The response is only decoded here.  The CRL signature and issuer are not
 * checked; the caller must verify the CRL before acting on it.
 */
int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl)
{
    return OCSP_REQ_CTX_nbio_d2i(rctx, (ASN1_VALUE **)pcrl,
                                 ASN1_ITEM_rptr(X509_CRL));
}
#endif
/*
 * Sign the Netscape SPKI structure |x| with private key |pkey| using digest
 * |md|.  Only x->sig_algor is filled in as the algorithm; the signed data is
 * x->spkac.  Returns the result of ASN1_item_sign().
 */
int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
{
    return ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), &x->sig_algor,
                          NULL, x->signature, x->spkac, pkey, md);
}
#ifndef OPENSSL_NO_STDIO
/*
 * Read a DER-encoded certificate from |fp|.  Returns the decoded object or
 * NULL on failure.  Decoding checks structure only; the signature is not
 * verified here.
 */
X509 *d2i_X509_fp(FILE *fp, X509 **x509)
{
    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509);
}

/* Write certificate |x509| to |fp| in DER form. */
int i2d_X509_fp(FILE *fp, X509 *x509)
{
    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509);
}
#endif
/*
 * Read a DER-encoded certificate from |bp|.  Returns the decoded object or
 * NULL on failure.  Decoding checks structure only; the signature is not
 * verified here.
 */
X509 *d2i_X509_bio(BIO *bp, X509 **x509)
{
    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509);
}
/* Write certificate |x509| to |bp| in DER form. */
int i2d_X509_bio(BIO *bp, X509 *x509)
{
    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509);
}
#ifndef OPENSSL_NO_STDIO
/*
 * Read a DER-encoded CRL from |fp|.  Returns the decoded object or NULL on
 * failure.  The CRL signature is not verified here.
 */
X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
{
    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
}

/* Write the CRL |crl| to |fp| in DER form. */
int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl)
{
    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
}
#endif
/*
 * Read a DER-encoded CRL from |bp|.  Returns the decoded object or NULL on
 * failure.  The CRL signature is not verified here.
 */
X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
{
    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
}
/* Write the CRL |crl| to |bp| in DER form. */
int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl)
{
    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
}
#ifndef OPENSSL_NO_STDIO
/*
 * Read a DER-encoded PKCS#7 structure from |fp|.  Returns the decoded
 * object or NULL on failure.
 */
PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
{
    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
}

/* Write the PKCS#7 structure |p7| to |fp| in DER form. */
int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7)
{
    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
}
#endif
/*
 * Read a DER-encoded PKCS#7 structure from |bp|.  Returns the decoded
 * object or NULL on failure.
 */
PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
{
    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
}
/* Write the PKCS#7 structure |p7| to |bp| in DER form. */
int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7)
{
    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
}
#ifndef OPENSSL_NO_STDIO
/*
 * Read a DER-encoded certificate request from |fp|.  Returns the decoded
 * object or NULL on failure.  The request signature is not verified here.
 */
X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
{
    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
}

/* Write the certificate request |req| to |fp| in DER form. */
int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req)
{
    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
}
#endif
/*
 * Read a DER-encoded certificate request from |bp|.  Returns the decoded
 * object or NULL on failure.  The request signature is not verified here.
 */
X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
{
    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
}
/* Write the certificate request |req| to |bp| in DER form. */
int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req)
{
    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
}
#ifndef OPENSSL_NO_RSA

/*
 * RSA key file and BIO helpers.
 *
 * "RSAPrivateKey" and "RSAPublicKey" are the bare RSA key structures;
 * "RSA_PUBKEY" is the key wrapped in a SubjectPublicKeyInfo.  The private
 * key writers emit the key unencrypted, so the destination file or BIO
 * needs its own protection.
 */

# ifndef OPENSSL_NO_STDIO
/* Read a DER RSAPrivateKey from |fp|.  Returns NULL on failure. */
RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
{
    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
}

/* Write |rsa| to |fp| as an unencrypted DER RSAPrivateKey. */
int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa)
{
    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
}

/* Read a DER RSAPublicKey from |fp|.  Returns NULL on failure. */
RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
{
    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
}

/*
 * Read a DER SubjectPublicKeyInfo holding an RSA key from |fp|.  The
 * allocator and decoder are passed through generic function-pointer casts,
 * as ASN1_d2i_fp() requires.
 */
RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
{
    return ASN1_d2i_fp((void *(*)(void))RSA_new,
                       (D2I_OF(void)) d2i_RSA_PUBKEY, fp, (void **)rsa);
}

/* Write the public part of |rsa| to |fp| as a DER RSAPublicKey. */
int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
{
    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
}

/* Write the public part of |rsa| to |fp| as a DER SubjectPublicKeyInfo. */
int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
{
    return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY, fp, rsa);
}
# endif

/* Read a DER RSAPrivateKey from |bp|.  Returns NULL on failure. */
RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
{
    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
}

/* Write |rsa| to |bp| as an unencrypted DER RSAPrivateKey. */
int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa)
{
    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
}

/* Read a DER RSAPublicKey from |bp|.  Returns NULL on failure. */
RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
{
    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
}

/* Read a DER SubjectPublicKeyInfo holding an RSA key from |bp|. */
RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
{
    return ASN1_d2i_bio_of(RSA, RSA_new, d2i_RSA_PUBKEY, bp, rsa);
}

/* Write the public part of |rsa| to |bp| as a DER RSAPublicKey. */
int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
{
    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
}

/* Write the public part of |rsa| to |bp| as a DER SubjectPublicKeyInfo. */
int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
{
    return ASN1_i2d_bio_of(RSA, i2d_RSA_PUBKEY, bp, rsa);
}
#endif
#ifndef OPENSSL_NO_DSA
/*
 * DSA key file and BIO helpers.  "DSA_PUBKEY" is the key wrapped in a
 * SubjectPublicKeyInfo.  The private key writers emit the key unencrypted,
 * so the destination file or BIO needs its own protection.
 */

# ifndef OPENSSL_NO_STDIO
/* Read a DER DSA private key from |fp|.  Returns NULL on failure. */
DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
{
    return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSAPrivateKey, fp, dsa);
}

/* Write |dsa| to |fp| as an unencrypted DER DSA private key. */
int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa)
{
    return ASN1_i2d_fp_of_const(DSA, i2d_DSAPrivateKey, fp, dsa);
}

/* Read a DER SubjectPublicKeyInfo holding a DSA key from |fp|. */
DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)
{
    return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSA_PUBKEY, fp, dsa);
}

/* Write the public part of |dsa| to |fp| as a DER SubjectPublicKeyInfo. */
int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa)
{
    return ASN1_i2d_fp_of(DSA, i2d_DSA_PUBKEY, fp, dsa);
}
# endif

/* Read a DER DSA private key from |bp|.  Returns NULL on failure. */
DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
{
    return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSAPrivateKey, bp, dsa);
}

/* Write |dsa| to |bp| as an unencrypted DER DSA private key. */
int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa)
{
    return ASN1_i2d_bio_of_const(DSA, i2d_DSAPrivateKey, bp, dsa);
}

/* Read a DER SubjectPublicKeyInfo holding a DSA key from |bp|. */
DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
{
    return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSA_PUBKEY, bp, dsa);
}

/* Write the public part of |dsa| to |bp| as a DER SubjectPublicKeyInfo. */
int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)
{
    return ASN1_i2d_bio_of(DSA, i2d_DSA_PUBKEY, bp, dsa);
}

#endif
#ifndef OPENSSL_NO_EC
/*
 * EC key file and BIO helpers.  "EC_PUBKEY" is the key wrapped in a
 * SubjectPublicKeyInfo.  The private key writers emit the key unencrypted,
 * so the destination file or BIO needs its own protection.
 */

# ifndef OPENSSL_NO_STDIO
/* Read a DER SubjectPublicKeyInfo holding an EC key from |fp|. */
EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey)
{
    return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, fp, eckey);
}

/* Write the public part of |eckey| to |fp| as a DER SubjectPublicKeyInfo. */
int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey)
{
    return ASN1_i2d_fp_of(EC_KEY, i2d_EC_PUBKEY, fp, eckey);
}

/* Read a DER EC private key from |fp|.  Returns NULL on failure. */
EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey)
{
    return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, fp, eckey);
}

/* Write |eckey| to |fp| as an unencrypted DER EC private key. */
int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey)
{
    return ASN1_i2d_fp_of(EC_KEY, i2d_ECPrivateKey, fp, eckey);
}
# endif
/* Read a DER SubjectPublicKeyInfo holding an EC key from |bp|. */
EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey)
{
    return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, bp, eckey);
}

/* Write the public part of |ecdsa| to |bp| as a DER SubjectPublicKeyInfo. */
int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *ecdsa)
{
    return ASN1_i2d_bio_of(EC_KEY, i2d_EC_PUBKEY, bp, ecdsa);
}

/* Read a DER EC private key from |bp|.  Returns NULL on failure. */
EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey)
{
    return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, bp, eckey);
}

/* Write |eckey| to |bp| as an unencrypted DER EC private key. */
int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey)
{
    return ASN1_i2d_bio_of(EC_KEY, i2d_ECPrivateKey, bp, eckey);
}
#endif
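/*
 * Digest the public key bit string of certificate |data| with algorithm
 * |type|, writing the result to |md| and its size to |*len|.
 *
 * Returns 0 if the certificate yields no public key bit string; otherwise
 * returns the result of EVP_Digest().  No buffer size is passed in, so |md|
 * must be large enough for any digest |type| can produce.
 */
int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
                       unsigned char *md, unsigned int *len)
{
    ASN1_BIT_STRING *key = X509_get0_pubkey_bitstr(data);

    /* Do not dereference a missing key. */
    if (key == NULL)
        return 0;

    return EVP_Digest(key->data, key->length, md, len, type, NULL);
}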
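/*
 * Compute the digest of certificate |data| with algorithm |type|, writing
 * the result to |md| and, if |len| is not NULL, its size to |*len|.
 *
 * When SHA-1 is requested and EXFLAG_SET is set in data->ex_flags, the value
 * cached in data->sha1_hash is copied out instead of encoding and hashing
 * the certificate again.  Returns 1 on that path; otherwise returns the
 * result of ASN1_item_digest().
 *
 * No buffer size is passed in, so |md| must be large enough for any digest
 * |type| can produce.  A SHA-1 value obtained here identifies a certificate;
 * it should not on its own be the basis of a trust decision.
 */
int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
                unsigned int *len)
{
    if (type == EVP_sha1() && (data->ex_flags & EXFLAG_SET) != 0) {
        /* Asking for SHA1 and we already computed it. */
        if (len != NULL)
            *len = sizeof(data->sha1_hash);
        memcpy(md, data->sha1_hash, sizeof(data->sha1_hash));
        return 1;
    }

    return ASN1_item_digest(ASN1_ITEM_rptr(X509), type, (char *)data,
                            md, len);
}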
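/*
 * Compute the digest of the CRL |data| with algorithm |type|, writing the
 * result to |md| and, if |len| is not NULL, its size to |*len|.
 *
 * When SHA-1 is requested the value cached in data->sha1_hash is copied out
 * and 1 is returned; otherwise the result of ASN1_item_digest() is returned.
 * No buffer size is passed in, so |md| must be large enough for any digest
 * |type| can produce.
 *
 * NOTE(review): the cached value is used without testing any "already
 * computed" flag, whereas X509_digest() checks EXFLAG_SET first.  That is
 * sound only if every X509_CRL reaching this function was produced by the
 * decoder; confirm for CRLs that are built or modified in memory.
 */
int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
                    unsigned char *md, unsigned int *len)
{
    if (type == EVP_sha1()) {
        /* Asking for SHA1; always computed in CRL d2i. */
        if (len != NULL)
            *len = sizeof(data->sha1_hash);
        memcpy(md, data->sha1_hash, sizeof(data->sha1_hash));
        return 1;
    }

    return ASN1_item_digest(ASN1_ITEM_rptr(X509_CRL), type, (char *)data,
                            md, len);
}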
/*
 * Compute the digest of certificate request |data| with algorithm |type|,
 * writing the result to |md| and its size to |len|.  Returns the result of
 * ASN1_item_digest().  |md| must be large enough for the chosen digest.
 */
int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
                    unsigned char *md, unsigned int *len)
{
    return ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ), type, (char *)data,
                            md, len);
}
/*
 * Compute the digest of the name |data| with algorithm |type|, writing the
 * result to |md| and its size to |len|.  Returns the result of
 * ASN1_item_digest().  |md| must be large enough for the chosen digest.
 */
int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
                     unsigned char *md, unsigned int *len)
{
    return ASN1_item_digest(ASN1_ITEM_rptr(X509_NAME), type, (char *)data,
                            md, len);
}
/*
 * Compute the digest of the issuer-and-serial structure |data| with
 * algorithm |type|, writing the result to |md| and its size to |len|.
 * Returns the result of ASN1_item_digest().  |md| must be large enough for
 * the chosen digest.
 */
int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
                                   const EVP_MD *type, unsigned char *md,
                                   unsigned int *len)
{
    return ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL), type,
                            (char *)data, md, len);
}
#ifndef OPENSSL_NO_STDIO
/*
 * Read a DER-encoded PKCS#8 structure, held in an X509_SIG, from |fp|.
 * Returns the decoded object or NULL on failure.
 */
X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
{
    return ASN1_d2i_fp_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, fp, p8);
}

/* Write the PKCS#8 structure |p8| to |fp| in DER form. */
int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8)
{
    return ASN1_i2d_fp_of(X509_SIG, i2d_X509_SIG, fp, p8);
}
#endif
/*
 * Read a DER-encoded PKCS#8 structure, held in an X509_SIG, from |bp|.
 * Returns the decoded object or NULL on failure.
 */
X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8)
{
    return ASN1_d2i_bio_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, bp, p8);
}
/* Write the PKCS#8 structure |p8| to |bp| in DER form. */
int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8)
{
    return ASN1_i2d_bio_of(X509_SIG, i2d_X509_SIG, bp, p8);
}
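#ifndef OPENSSL_NO_STDIO
/*
 * Read a DER-encoded PKCS#8 PrivateKeyInfo from |fp|.  Returns the decoded
 * object or NULL on failure.
 */
PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
                                                PKCS8_PRIV_KEY_INFO **p8inf)
{
    return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new,
                          d2i_PKCS8_PRIV_KEY_INFO, fp, p8inf);
}

/*
 * Write the PrivateKeyInfo |p8inf| to |fp| in DER form.  The structure is
 * written unencrypted, so the destination needs its own protection.
 */
int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf)
{
    return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, fp,
                          p8inf);
}

/*
 * Convert |key| to a PKCS#8 PrivateKeyInfo and write it to |fp| in DER form.
 *
 * Returns 0 if the conversion fails; otherwise returns the result of
 * i2d_PKCS8_PRIV_KEY_INFO_fp().  The temporary PrivateKeyInfo is freed on
 * every path after it has been created.  The key is written unencrypted.
 */
int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key)
{
    PKCS8_PRIV_KEY_INFO *p8inf;
    int ret;

    p8inf = EVP_PKEY2PKCS8(key);
    if (p8inf == NULL)
        return 0;

    ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
    PKCS8_PRIV_KEY_INFO_free(p8inf);
    return ret;
}

/* Write the private key |pkey| to |fp| in unencrypted DER form. */
int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey)
{
    return ASN1_i2d_fp_of(EVP_PKEY, i2d_PrivateKey, fp, pkey);
}

/*
 * Read a DER private key from |fp|.  The caller does not name the key type;
 * decoding is delegated to d2i_AutoPrivateKey().  Returns NULL on failure.
 */
EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
{
    return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, fp, a);
}

/* Write the public key |pkey| to |fp| as a DER SubjectPublicKeyInfo. */
int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey)
{
    return ASN1_i2d_fp_of(EVP_PKEY, i2d_PUBKEY, fp, pkey);
}

/* Read a DER SubjectPublicKeyInfo from |fp|.  Returns NULL on failure. */
EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a)
{
    return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, fp, a);
}

#endif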
/*
 * Read a DER-encoded PKCS#8 PrivateKeyInfo from |bp|.  Returns the decoded
 * object or NULL on failure.
 */
PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
                                                 PKCS8_PRIV_KEY_INFO **p8inf)
{
    return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new,
                           d2i_PKCS8_PRIV_KEY_INFO, bp, p8inf);
}
/*
 * Write the PrivateKeyInfo |p8inf| to |bp| in DER form.  The structure is
 * written unencrypted, so the destination needs its own protection.
 */
int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf)
{
    return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, bp,
                           p8inf);
}
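/*
 * Convert |key| to a PKCS#8 PrivateKeyInfo and write it to |bp| in DER form.
 *
 * Returns 0 if the conversion fails; otherwise returns the result of
 * i2d_PKCS8_PRIV_KEY_INFO_bio().  The temporary PrivateKeyInfo is freed on
 * every path after it has been created.  The key is written unencrypted, so
 * the destination needs its own protection.
 */
int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key)
{
    PKCS8_PRIV_KEY_INFO *p8inf;
    int ret;

    p8inf = EVP_PKEY2PKCS8(key);
    if (p8inf == NULL)
        return 0;

    ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
    PKCS8_PRIV_KEY_INFO_free(p8inf);
    return ret;
}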
/*
 * Write the private key |pkey| to |bp| in unencrypted DER form.  The
 * destination needs its own protection.
 */
int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey)
{
    return ASN1_i2d_bio_of(EVP_PKEY, i2d_PrivateKey, bp, pkey);
}
/*
 * Read a DER private key from |bp|.  The caller does not name the key type;
 * decoding is delegated to d2i_AutoPrivateKey().  Returns NULL on failure.
 */
EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
{
    return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, bp, a);
}
/* Write the public key |pkey| to |bp| as a DER SubjectPublicKeyInfo. */
int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey)
{
    return ASN1_i2d_bio_of(EVP_PKEY, i2d_PUBKEY, bp, pkey);
}
/* Read a DER SubjectPublicKeyInfo from |bp|.  Returns NULL on failure. */
EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a)
{
    return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, bp, a);
}